Vancouver man exposes Facebook security breach

[Praxius]

http://www.cbc.ca/world/story/2008/03/25/face-book.html

The online social networking site Facebook says it has fixed a security loophole discovered by a Vancouver computer technician that allowed people to look at the private photos of users.

The news follows Facebook Inc.'s announcement last week that it was implementing tougher measures to allow members to restrict access to their personal profiles.

But Byron Ng, a Vancouver computer technician looking for flaws, was able to use computer coding to pull up private pictures of Facebook members and their friends.
The private photos included those of Paris Hilton at the Emmy awards and of her brother Nicholas drinking a beer with friends.

A reporter from the Associated Press was also able to use Ng's template to access the personal and private photos of random Facebook users, including a personal photo album of Facebook co-founder Mark Zuckerberg posted in November 2005.

After being alerted Monday afternoon, a Facebook spokeswoman said the company would look into the problem. By late Monday, Facebook appeared to have closed the security hole.

Around 67 million people are members of the site.

 

[Kreskin]

Why aren't people like Ng arrested? If I broke into a retail store would they let me go if I simply pointed out their security weakness?

 

[DurkaDurka]

Kreskin, unfortunately, this how a large majority of bugs are found in software. A lot of the times, the vendor/developer will refuse to acknowledge that a problem exists when it is presented to them by the technician etc, sometimes it takes some media exposure to get them to fix the issue. I think it's better that he exposed it publicly instead of letting it fester underground where unscrupulous hackers could use that exploit to blackmail people etc

I